libpng-1.0.25 and libpng-1.2.17 are available at
ftp://ftp.simplesystems.org/pub/png/src
and at
libpng.sf.net
These releases fix a vulnerability in png_handle_tRNS() by which
a malformed PNG file can crash a libpng application. The bug has
existed since libpng-0.90. The vulnerability is identified as
CVE-2007-2445 and CERT VU#684664.
Glenn

Call for Vote
aNIM 20070426
ftp://ftp.simplesystems.org/pub/png-group/documents/
png-anim-proposal-20070426.txt
Glenn Randers-Pehrson <glennrp at comcast.net>
The voting period begins upon receipt of this message at lists.sf.net
and ends exactly two weeks thereafter. You can vote YES, NO, or
ABSTAIN, if you have posted a message to png-list@...,
png-implement@..., png-mng-misc@..., or
png-mng-implement@... at least 180 days prior to the end
of the voting period.
To vote, post a message to png-mng-misc@... with the first
5 lines of this message to png-list. Change the first line to YES,
NO, or ABSTAIN. Change the fifth line to your name and/or e-mail address. Include a summary of your vote in the subject line, e.g.
VOTE YES: aNIM 20070426
Threshold for passing is (yes / no >= 2) && (yes - no >= 5)
If you change your mind during the voting period you can cast another
vote. Only the latest vote from any individual will be counted. Please
do not submit your vote in a message with subject beginning with "Re:",
because that makes it difficult to distinguish actual votes from discussions
about people's votes.